Disclosed are system, method and computer program product for detecting malicious files on mobile devices. An example method includes: analyzing a file to identify classes and methods contained in said classes; identifying a bytecode array for each identified method; determining instructions contained in each method by identifying a corresponding operation code from the bytecode array of each method; dividing the determined instructions for each method into a plurality of groups based on similarity of functionality among said instructions; forming a vector for each method on the basis of the results of the division of the instructions into the plurality of groups; comparing the formed vectors with a plurality of vectors of known malicious files to determine a degree of similarity between the compared vectors; and determining whether the analyzed file is malicious or clean based on the degree of similarity between the compared vectors.